Data intermediary system and data intermediary method

ABSTRACT

Provided is a data intermediary system, comprising a processor and a storage unit. The storage unit stores therein usage information indicating usage of services. The processor acquires information indicating a data item that needs to be provided by a user as required by a provider of a first service that the user wishes to use, based on terms of use of the first service, selects a second service from services that the user has used in the past, based on the usage information, extracts a difference between the required data items and data items provided based on terms of use of the second service, outputs information indicating the extracted difference, and controls, when the user has accepted the terms of use of the first service, a flow of data from a provider holding the required data to the provider that provides the first service.

CLAIM OF PRIORITY

The present application claims priority from Japanese patent applicationJP2021-90155 filed on May 28, 2021, the content of which is herebyincorporated by reference into this application.

BACKGROUND OF THE INVENTION

The present invention relates to a date intermediary technology.

When personal data is to be supplied to third-party service providers,it is necessary to obtain authorization from a user who owns the data.Japanese Patent Application Laid-open Publication No. 2020-24511 (PatentDocument 1), for example, discloses a technique to simplify the processto obtain consent from a user. In Patent Document 1, personal dataprovided in response to the user's consent is recorded in the firstperiod. If personal data is to be provided in the second period thatcomes after the first period, the amount of information provided in thefirst period and the amount of information provided in the second periodare compared, and if the amounts differ from each other, the differencein information amount determines whether it is necessary to obtainconsent from the user or not.

SUMMARY OF THE INVENTION

However, in Patent Document 1, it was necessary to compare theinformation amount of the data that has been provided to a third partybefore with the information amount of the data to be provided newly. Ifdata needs to be provided to a third party that has not been receiveddata before, then there is no past information to compare. Thus, for athird party that has not received data before, the consent procedureneeds to be performed, which increases a burden on the user.

In order to solve at least one of the foregoing problems, arepresentative example of the present invention is a data intermediarysystem, comprising a processor and a storage unit, wherein the storageunit stores therein usage information indicating usage of a plurality ofservices that a user has used in the past, wherein the processoracquires information indicating a data item that needs to be provided bya user as required by a provider of a first service that the user wishesto use, based on terms of use of the first service, selects a secondservice from a plurality of services that the user has used in the past,based on the usage information, extracts a difference between the dataitems that needs to be provided based on the terms of use of the firstservice and data items provided based on terms of use of the secondservice, outputs information indicating the extracted difference, andcontrols, upon receiving information indicating that the user hasaccepted the terms of use of the first service, a flow of data from aprovider holding the data that needs to be provided based on the termsof use of the first service to the provider that provides the firstservice.

According to an aspect of the present invention, it is possible to easethe burden of the user in the consent procedure for data provisionrequired to use a service. The objects, configurations, and effectsother than those described above will become apparent in thedescriptions of embodiments below.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 illustrates an example of a data intermediary systemconfiguration of Embodiment 1 of the present invention.

FIG. 2A is a block diagram illustrating an example of the configurationof a data intermediary device of Embodiment 1 the present invention.

FIG. 2B is a block diagram illustrating an example of the hardwareconfiguration of the data intermediary device of Embodiment 1 thepresent invention.

FIG. 3 is a sequence chart illustrating an example of a dataintermediary method of Embodiment 1 of the present invention.

FIG. 4 is a flowchart illustrating an example of the process tocalculate a credibility level of each service provider, which isperformed by the data intermediary device of Embodiment 1 of the presentinvention.

FIG. 5 is a flowchart illustrating an example of the process in whichthe data intermediary device of Embodiment 1 of the present inventionextracts a difference between the respective terms of use.

FIG. 6 is a diagram for explaining an example of a service usage tablestored in the data intermediary device of Embodiment 1 the presentinvention.

FIG. 7 is a diagram for explaining an example of a data importance tablestored in the data intermediary device of Embodiment 1 the presentinvention.

FIG. 8 is a diagram for explaining an example of a terms of use tablestored in the data intermediary device of Embodiment 1 the presentinvention.

FIG. 9 is a diagram for explaining an example of a difference of termstable stored in the data intermediary device of Embodiment 1 the presentinvention.

FIG. 10 is a diagram for explaining an example of the consent requestscreen displayed by the data owner terminal constituting the dataintermediary system of Embodiment 1 of the present invention.

FIG. 11 is a flowchart illustrating an example of the process to extracta provider as a comparison target, which is performed by a dataintermediary device of Embodiment 2 of the present invention.

FIG. 12 is a flowchart illustrating an example of the process in whichthe data intermediary device of Embodiment 2 of the present inventioncalculates a difference between the respective terms of use.

FIG. 13 is a diagram for explaining an example of an user specificationtable stored in the data intermediary device of Embodiment 2 the presentinvention.

FIG. 14A is a diagram for explaining one example of the screen displayedto the user after type comparison was performed in Embodiment 2 of thepresent invention.

FIG. 146 is a diagram for explaining one example of the screen displayedto the user when a consent request for the user is skipped in Embodiment2 of the present invention.

DETAILED DESCRIPTION OF THE EMBODIMENTS

Below, embodiments of the present invention will be explained in detailwith reference to figures. In all the figures, the same configurationsand steps are given the same reference characters, and overlappingexplanations are omitted.

Embodiment 1 <FIG. 1: Data Intermediary System Configuration>

FIG. 1 illustrates an example of a data intermediary systemconfiguration of Embodiment 1 of the present invention.

In FIG. 1 , the data intermediary system includes data providing devices101, 102, . . . , 10N (N is an integer of 1 or greater), a dataintermediary device 100, data utilization devices 201, 202, . . . , 20N,and data owner terminals 301, . . . 30N. The data intermediary device100 is connected to a communication network 40, and the communicationnetwork 40 is connected to the data providing devices 101, 102, . . . ,10N. Also, The data intermediary device 100 is connected to acommunication network 50, and the communication network 50 is connectedto the data utilization devices 201, 202, . . . , 20N. Furthermore, thedata intermediary device 100 is connected to a communication network 60,and the communication network 60 is connected to the data ownerterminals 301, . . . , 30N.

The communication network 40, the communication network 50, and thecommunication network 60 may be the same network.

The data providing device 10N is a device used by a service providerthat provides a service to users, and when a user uses the service,personal data regarding that user is accumulated in the data providingdevice 10N. Below, the data providing device 10N represents any one ofthe data providing devices 101, 102, . . . , 10N.

The data utilization device 20N is a device used by the provider thatprovides a service to users, and needs personal data of usersaccumulated in the data providing device 10N in order to provide theservice. Below, the data utilization device 20N represents any one ofthe data utilization devices 201, 202, . . . , 20N.

The data owner terminal 30N is used by the user who owns personal datathat is accumulated in the data providing device 10N to specify thatthey wish to use the service provided by the data utilization device 20Nand authorize provision of their personal data to the data utilizationdevice 20N, and to use the service. Below, the data owner terminal 30Nrepresents any one of the data owner terminals 301, . . . , 30N.

The number of the data providing devices 10N, the number of the datautilization devices 20N, and the number of the data owner terminals 30Nthat constitute the data intermediary system may be appropriatelyselected, and those numbers do not have to be the same.

The data owner terminal 30N according to this embodiment may be realizedby special hardware, or a configuration may be adopted where the dataowner terminal 30N is constituted of a CPU (central processing unit), amemory, and the like, and the functions of respective units thereof arerealized by the CPU executing computer programs for those functions. Forexample, the data owner terminal 30N may be a mobile communicationterminal device such as a smartphone or a smart device of a GPS in acar, or may be a stationary communication device (such as a personalcomputer).

<FIG. 2: Configuration of Data Intermediary Device 100>

FIG. 2A is a block diagram illustrating an example of the configurationof the data intermediary device 100 of Embodiment 1 the presentinvention.

The data intermediary device 100 includes a communication unit 1100, adata provision management unit 1200, a terms of use management unit1300, a service provider management unit 1400, a consent proceduremanagement unit 1500, a data distribution control unit 1600, and astorage unit 2000.

The communication unit 1100 communicates with the data providing device10N via the communication network 40, communicates with the datautilization device 20N via the communication network 50, andcommunicates with the data owner terminal 30N via the communicationnetwork 60. For example, the communication unit 1100 receives terms ofuse for a service that the user wishes to use from the data utilizationdevice 20N, and forwards it to the terms of use management unit 1300.The communication unit 1100 transmits the terms of use confirmed by theterms of use management unit 1300 to the data owner terminal 30N toobtain consent from the user on the terms. The communication unit 1100then receives the result of the consent procedure from the data ownerterminal 30N and the consent procedure management unit 1500 records theresult of the consent procedure.

The data provision management unit 1200 records and manages dataprovided by the data providing device 10N to the data utilization device20N when the user uses the service provided by the data utilizationdevice 20N.

The terms of use management unit 1300 acquires terms of use to be agreedupon between the user and the service provider for the service providedby the data utilization device 20N that the user wishes to use, confirmsthat there are no errors, and manages the terms of use to be disclosedto the user.

The service provider management unit 1400 is constituted of a serviceusage management unit 1401 and a difference of terms extraction unit1402.

The service usage management unit 1401 manages contents of the services,information of service providers, usage of services, terms of use, andthe like for the services used by the user through the data ownerterminal 30N.

The difference of terms extraction unit 1402 selects one serviceprovider from the list of service providers for services being used bythe user, which is managed by the service usage management unit 1401,and compares terms of use of the selected service provider with terms ofuse of a new service provider to extract the difference between the twoterms.

The consent procedure management unit 1500 is constituted of a consentnotification generation unit 1501 and a consent acquisition unit 1502.

The consent notification generation unit 1501 generates a consentrequest notification that is transmitted to the data owner terminal 30Nvia the communication unit 1100 based on the extraction results of thedifference of terms extraction unit 1403 representing a differencebetween the terms of use of the provider currently used by the user andthe terms of use of the provider that the user wishes to use. Uponreceiving the notification generated by the consent notificationgeneration unit 1501, the user accepts or declines the request using thedata owner terminal 30N, and transmits the result to the dataintermediary device 100.

The consent acquisition unit 1502 acquires and manages the result of theconsent procedure by the user, which was received through thecommunication unit 1100.

The data distribution control unit 1600 controls distribution of user'spersonal data accumulated in the data providing device 10N to the datautilization device 20N based on the terms of use agreed by the user,which is managed by the consent procedure management 1500.

The storage unit 2000 stores data generated by or necessary for thefunctions of the communication unit 1100, the data provision managementunit 1200, the terms of use management unit 1300, the service providermanagement unit 1400, the consent procedure management unit 1500, andthe data distribution control unit 1600.

The data intermediary device 100 of this embodiment may be realized byspecial hardware, or a configuration may be adopted where the dataintermediary device 100 is constituted of a CPU, a memory, and the like,and the functions of respective units thereof are realized by the CPUexecuting computer programs for those functions. For example, the dataintermediary device 100 is constituted of a general computer such as apersonal computer, and the respective functions of the data intermediarydevice 100 illustrated in FIG. 2A may be realized by the computerexecuting computer programs for realizing those function.

FIG. 2B is a block diagram illustrating an example of the hardwareconfiguration of the data intermediary device 100 of Embodiment 1 thepresent invention.

The data intermediary device 100 may be constituted of a communicationunit 1100, a CPU 3000, a memory 4000, and a storage unit 2000. In thiscase, computer programs for realizing the functions of the dataprovision management unit 1200, the terms of use management unit 1300,the service provider management unit 1400, the consent proceduremanagement unit 1500, and the data distribution control unit 1600 arestored in the memory 4000, and those functions are realized by the CPU3000 executing those programs. The functions of the computer programsmay be realized by a single device, or by a plurality of devicesconnected to each other in such a manner that mutual communication ispossible. Depending on whether the functions are realized by a singledevice or multiple devices, the data intermediary device mayalternatively be referred to as a data intermediary system.

Next, the data intermediary method of this embodiment will be explainedbelow.

<FIG. 3: Steps for Using a Service>

With reference to FIG. 3 , the data intermediary method of thisembodiment will be explained. FIG. 3 is a sequence chart illustrating anexample of the data intermediary method of Embodiment 1 of the presentinvention. Specifically, FIG. 3 illustrates a sequence from a pointwhere a request to use a service is received from the user to a pointwhere the user starts using the service.

In Step S101, the data owner terminal 30N transmits a request to use aservice provided by the data utilization device 20N to the dataintermediary device 100 in response to an operation by the user. Therequest to use the service is a message including a service D and a userID. The service ID is identification information for a service providedby the data utilization device 20N. The user ID is identificationinformation for a user. The data intermediary device 100 receives therequest to use the service via the communication unit 1100. The dataintermediary device 100 holds the service use request that was received.

In Step S102, the data intermediary device 100 transmits, to the datautilization device 20N corresponding to the service ID in the receivedservice use request, a request for terms of use for the service ID viathe communication unit 1100. The data intermediary device 100 isprovided in advance with information linking the service Ds to the datautilization devices 20N. The request for the terms of use is a messageincluding the service D, asking for terms of use specified by theservice provider. The request for terms of use is received by the datautilization device 20N.

In Step S103, the data utilization device 20N transmits, to the dataintermediary device 100, the terms of use corresponding to the serviceID included in the received request for the terms of use. The terms ofuse data corresponding to the service ID is data including informationrepresenting the terms of use specified by the service provider thatprovides the service corresponding to the service ID.

The terms of use data received through the communication unit 1100 ismanaged by the terms of use management unit 1300 in a terms of usetable. The terms of use table is stored in the storage unit 2000.

FIG. 8 is a diagram for explaining an example of the terms of use tablestored in the data intermediary device 100 of Embodiment 1 the presentinvention.

As illustrated in FIG. 8 , the terms of use table 800 includes an ID801, an item name 802, and contents 803. The ID 801 is identificationinformation for each item of the terms of use. The item name 802represents the name of each item. Examples of the item names include aservice overview, a provider, data used, a data acquisition method,purposes of use, data processing, provision to a third party, a storageperiod, user involvement, and contact information. The contents 803include details of the terms for each item for the service.

FIG. 8 illustrates an example of the terms of use for the “foodrecommendation service” provided by “Company A”. According to the termsof use illustrated here, in order to use this service, the user needs toprovide information such as “name” “email address” “locationinformation” “visit history information” and “review postinginformation” to the provider. Those pieces of information are acquiredat startup of the application, are used for optimizing the service afteranonymized, are not provided to a third party (an entity other than“Company A”), and are stored until the application is uninstalled.Furthermore, the user may be involved in disclosure, suspension of use,update, and deletion of the information as well as withdrawal ofconsent.

The “review” generally means information orally communicated. However,the review information in this embodiment is not limited to informationorally communicated, but also includes information generated by usersand exchanged between users. There is no limitation on the content ofthe reviews and distribution mode thereof, but a typical example iscertain types of information, such as ratings, comments and the likefrom the user with regard to a service used by users, that aredistributed through SNS (social networking service), review websites,and the like.

FIG. 8 illustrates a table constituted of three columns and eleven rows,but the number of columns and the number of rows of the terms of usetable 800 are not limited to those. For example, for each item such as“name” and “email address”, which is stored as the “data used”, a dataacquisition method, purposes of use, data processing, third partyprovision, a storage period, and involvement of the user may be set.

Returning to FIG. 3 , in Step S104, the terms of use management unit1300 retrieves the terms of use for that service from the storage unit2000, and confirms that there are no errors in the terms of use for theservice. If there is an error, the portion with the error is recorded,and the confirmation result is sent to the data utilization device 20Nvia the communication unit 1100.

In Step S105, the data utilization device 20N receives the terms of usefor the service confirmed by the terms of use management unit 1300, andif there was an error, revises the terms of use for the service, andfinalizes the terms of use so the terms can be disclosed to the user.The finalized terms of use for the service are sent to the communicationunit 1100, and is stored in the storage unit 2000.

In Step S106, the service utilization management unit 1401 extracts aprovider as a comparison target from the service providers being used bythe user, in preparation for Step S107 where a difference betweenrespective terms is extracted. At this time, the service usagemanagement unit 1401 may calculate credibility levels of the serviceproviders being used by the user, and select a provider as a comparisontarget based on their credibility level. For example, as the mostappropriate provider to be compared, a provider with the highestcredibility level is selected from the service providers being used bythe user. However, it is not necessary to select the provider with thehighest credibility level, as long as the credibility level of theselected provider is high. For example, a provider with a highcredibility level may be selected by a method in which the user selectsfrom a plurality of providers having at least a certain level ofcredibility (such as a plurality of providers with top credibilitylevels or a plurality of providers having a credibility level higherthan a prescribed standard). An example of the method for calculatingthe credibility level will be explained below with reference to FIG. 4 .

<FIG. 4: Process to Calculate Credibility Levels of Service Providers>

FIG. 4 is a flowchart illustrating an example of the process tocalculate a credibility level of each service provider, which isperformed by the data intermediary device 100 of Embodiment 1 of thepresent invention.

In Step S201, the service usage management unit 1401 acquires the usagesituation of the service being used by the user.

FIG. 6 is a diagram for explaining an example of a service usage tablestored in the data intermediary device 100 of Embodiment 1 the presentinvention.

As illustrated in FIG. 6 , the service usage table 600 includes an ID601, a service name 602, a service provider name 603, a service category604, a frequency of use 605, a duration of use 606, terms of use 607,and a credibility level 608.

The ID 601 is identification information for each service. The servicename 602 is the name of the service. The service provider name 603 isthe name of a provider providing the service. The service category 604is classification information of the service content. For example,categories of the automobilerelated service include maintenance,navigation, insurance, and entertainment.

The frequency of use 605 is the number of times the user uses theservice over a prescribed period. The duration of use 606 indicates howlong the user have been using the service. The terms of use 607 isinformation for the terms of use of the service. The credibility level608 indicates how much the user trusts a provider of the service. Thecalculation results of the credibility level obtained by the serviceusage management unit 1401 are stored in the credibility level 608.

FIG. 6 illustrates the service usage table 600 constituted of eightcolumns, but the configuration of the service usage table 600 is notlimited to this.

Returning to FIG. 4 , in Step S202, the service usage management unit1401 confirms the number of services used by the user, which wasacquired in Step S201, and holds the number of services as a countervalue. If the counter value of the number of services is greater thanzero, the process moves to Step S203. If the counter value of the numberof services is zero, the calculation of the credibility level is ended.

In Step S203, the service usage management unit 1401 retrieves oneservice from the list of the services being used by the user, which wasacquired in Step S201, and extracts data items that need to be providedby the user in order to use that service. First, the service usagemanagement unit 1401 retrieves terms of use for that service from theservice usage table 600, and extracts items related to data used forthat service, from the terms of use for that service.

In Step S204, the service usage management unit 1401 confirms the numberof data items retrieved in Step S203, and holds the number of data itemsas a counter value. If the counter value of the number of data items isgreater than zero, the process moves to Step S205. If the counter valueof the number of data items is zero, the process moves to Step S207.

In Step S205, the service usage management unit 1401 selects one dataitem from the data items retrieved in Step S203, and acquires a degreeof importance of the data item from the data provision management unit1200. The degree of importance indicates how important that data is forthe owner of the data. For example, the degree of importance of the datamay be a value indicating a degree of consequence (risk level) caused byan unintended use of the data such as data being abused by other people.In such a case, the degree of importance may also be referred to as arisk level.

FIG. 7 is a diagram for explaining an example of the data importancetable stored in the data intermediary device 100 of Embodiment 1 thepresent invention.

As illustrated in FIG. 7 , the data importance table 700 includes an ID701, a data item name 702, and importance 703. The ID 701 isidentification information for each data item. The data item name 702 isthe name of each data item. The importance 703 indicates how importantthat data item for the user. In FIG. 7 , a value in the data importance703 is a value ranging from 0 to 1, for example, but the value of thedata importance 703 is not limited to this.

The importance 703 may be specified by the user, which is the owner ofthe data, or may be calculated statistically based on the provisionsituation of the data to be provided to the provider. For example, amethod may be adopted where a ratio of the amount of data provided iscalculated for the data provided to respective providers managed by thedata provision management unit 1200, and the data with a higher ratio isgiven a higher degree of importance. It is also possible to calculatethe importance based on the possibility of the user not giving consentto provide data. For example, the importance may be calculated such thatthe greater the possibility of the user not giving consent to providedata, the higher the degree of importance.

FIG. 7 illustrates an example where the data importance table 700 isconstituted of three columns, but the configuration of the dataimportance table 700 is not limited to this.

Returning to FIG. 4 , in Step S206, the service usage management unit1401 sums up the degrees of importance of all data items used for theservice. Specifically, the service usage management unit 1401 calculatesa total of the values representing the importance, which were acquiredin Step S205. After the calculation is finished, the service usagemanagement unit 1401 decreases the counter value of the number of dataitems, and returns to Step S204. Step S204 through Step S206 arerepeated until the degrees of importance for all of the data items usedfor the service are added up.

In Step S207, the service usage management unit 1401 acquiresinformation regarding the service usage from the service usage table600. Examples of information acquired in this step include the frequencyof use 605 indicating the number of times the service is used over aprescribed period, and the duration of use 606 indicating how long theuser have been using the service. If the frequency of use 605 is used,the unit needs to be adjusted to ensure consistency among the respectiveservices being used by the user. For example, if the largest unit is permonth, daily usage is converted to 30 times per month. If the durationof use 606 is used, the respective unites need to be converted to thesmallest unit. For example, if the smallest unit is per month, one yearneeds to be converted to 12 months.

In Step S208, the service usage management unit 1401 calculates acredibility level based on the degrees of data importance added up inStep S206 and the information regarding the service usage acquired inStep S207. For example, the credibility level may be calculated withFormula (1) below.

Credibility Level=Total of Data Importance×Frequency of Use×Duration ofUse  (1)

According to this formula, a provider of a service that receivesimportant data from the user, is used by the user more frequently andfor a longer period of time is given a higher credibility level.However, the calculation of the credibility level is not limited to thisformula. For example, the credibility level may be calculated solelybased on the data importance, the frequency of use, or the duration ofuse, or a combination of any two of those. Alternatively, thecredibility level may be set based on any other standards than thosedescribed above (such as the number of users for the service), or may beappropriately set by the user.

In the example above, a provider was selected as the comparison targetbased on the credibility level, and the service provided by the providerwas selected as the comparison target, but the selection of a comparisontarget based on the information included in the service usage table 600is not limited to this. For example, the user may select the sameprovider as the provider of the service they wish to use, or the usermay select a service that belongs to the same category as the servicethey wish to use.

In Step S209, the service usage management unit 1401 records thecredibility level calculated in Step S208 in the credibility level 608of the service usage table 600. After the information is recorded, theservice usage management unit 1401 decreases the counter value of thenumber of services, and returns to Step S202. Steps S202 to S209 arerepeated until the credibility level is calculated for all of theservice providers being used by the user.

Below, the explanation continues with reference to FIG. 3 again.

In Step S107, the difference of terms extraction unit 1402 compares theterms of use of the new service provider that the user wishes to use andthe terms of use of one service provider being used by the user, whichwas extracted in Step S106, and identifies similarity and difference. Anexample of the method for extracting the difference between therespective terms will be explained below with reference to FIG. 5 .

<FIG. 5: Process to Extract Difference Between Terms>

FIG. 5 is a flowchart illustrating an example of the process in whichthe data intermediary device 100 of Embodiment 1 of the presentinvention extracts a difference between the respective terms of use.

In Step S301, the difference of terms extraction unit 1402 acquires theterms of use of the new service that the user wishes to use from theterms of use management unit 1300.

In Step S302, the difference of terms extraction unit 1402 acquiresinformation of the service provider as the comparison target, which wasextracted from the service usage management unit 1401 in Step S106, andacquires the terms of use of the service provider from the terms of usemanagement unit 1300.

In Step S303, the difference of terms extraction unit 1402 acquiresitems to be compared between the terms of use of the new serviceprovider the user wishes to use, which were acquired in Step S301, andthe terms of use of the comparison target acquired in Step S302.Examples of the method to acquire comparison items includes a method ofacquiring items specified in the terms of use. For example, with regardto the terms of use illustrated in FIG. 8 , the service overview and theprovider generally differ between the respective services, and thus,items except those are acquired as the comparison items. Examples ofitems acquired in this step include data items used by the service (suchas name and email address), a data acquisition method, purposes of use,data processing, data provision to a third party, a storage period,involvement of the user, and contact information. All of those items maybe compared, or the user may specify certain items of interest inadvance so that only those items are compared.

In Step S304, the difference of terms extraction unit 1402 confirms thenumber of comparison items acquired in Step S303, and holds the numberof comparison items as a counter value. If the counter value of thenumber of comparison items is greater than zero, the process moves toStep S305. If the counter value of the number of comparison items iszero, the process to extract a difference between the respective termsof use is ended.

In Step 305, the difference of terms extraction unit 1402 retrieves oneitem from the comparison items acquired in Step S303, and retrieves thecontent of that comparison item from the terms of use of the new servicethe user wishes to use, which were acquired in Step S302. For example,if the difference of terms extraction unit 1402 retrieves a comparisonitem that represents the data used by the service, then the content ofthe data used is retrieved from the terms of use table 800 of the newservice the user wishes to use. In this example, a case where the name,the email address, the location information, the visit historyinformation, and the review posting information are acquired as the listof data used will be explained.

In Step 306, for the comparison item retrieved in Step S304, thedifference of terms extraction unit 1402 retrieves the content of thecomparison item from the terms of use of the comparison target, whichwere acquired in Step S303. For example, if the difference of termsextraction unit 1402 retrieves a comparison item that represents thedata used by the service, then the content of the data used is retrievedfrom the terms of use table 800 for the comparison target. In thisexample, a case where the name, the email address, the credit card, andthe location information are acquired as the list of data used will beexplained.

In Step S307, the difference of terms extraction unit 1402 compares thecontent of the comparison item retrieved in Step S305 with the contentof the comparison item retrieved in Step S306, and identifies similarityand difference. In this example, the data used by the new service isuser's name, email address, location information, visit historyinformation, and review posting information. On the other hand, the dataused by the service of the comparison target is user's name, emailaddress, credit card and location information. When the two services arecompared based on the data used, a list of data items including user'sname, email address, and location information is identified assimilarity. For the difference, the new service uses visit historyinformation and review posting information, but not credit cardinformation.

In Step S308, the difference of terms extraction unit 1402 registers thesimilarity and difference between the terms of use of the new serviceand the terms of use of the comparison target, which were extracted inStep S307.

FIG. 9 is a diagram for explaining an example of the difference of termstable stored in the data intermediary device 100 of Embodiment 1 thepresent invention.

As illustrated in FIG. 9 , the difference of terms table 900 includes acomparison item 901, similarity 902 and difference 903. The comparisonitem 901 is the name of the item included in the terms of use. Thesimilarity 902 is the content that is common between the respectiveterms of use with regard to the comparison item 901. The difference 903is a difference between the respective terms of use with regard to thecomparison item 901. FIG. 9 illustrates a table constituted of threecolumns, but the configuration of the difference of terms table 900 isnot limited to this.

In the example of FIG. 9 , when items included in the data used (name,email address, location information and the like) are compared betweenthe terms of use of the new service and the terms of use of thecomparison target, the item 8 and the item C are common between the two.On the other hand, the item J and the item K are only included in theterms of use of the new service. Data anonymization and user'sinvolvement in disclosure, suspension of use, and revision of data arecommon between the two. Data provision to a third party is authorized inthe terms of use of the comparison target, but not in the terms of useof the new service.

Returning to FIG. 5 , after registering the similarity and differencebetween the terms of use of the new service and the terms of use of thecomparison target, the difference of terms extraction unit 1402decreases the counter value for the number of comparison items, andreturns to Step S304. Step S304 through Step S308 are repeated until theprocess is completed for all of the comparison items. When all of thecomparison items have undergone the process, the process to extract adifference between the respective terms of use is ended.

Below the explanation continues with reference to FIG. 3 again.

In Step S108, the consent notification generation unit 1501 generates aconsent request notification including the terms of use of the newservice the user wishes to use, which was confirmed in Step S105, andthe difference between the terms of use of the new service and the termsof use of one of the service providers being used by the user, which wasextracted in Step S107. The consent notification generation unit 1501transmits the generated consent request notification to the data ownerterminal 30N via the communication unit 1100.

In Step S109, the data owner terminal 30N gives notification to the userthat the consent request notification has been received. The data ownerterminal 30N then displays the details of the received consent requestnotification on the screen.

FIG. 10 is a diagram for explaining an example of the consent requestscreen displayed by the data owner terminal 30N constituting the dataintermediary system of Embodiment 1 of the present invention.

As illustrated in FIG. 10 , the consent request screen 1000 includes thename of the service 1001, difference 1002 of the terms of use betweenthe new service provider and one of the service providers being used bythe user, buttons 1003 and 1004 for the user to accept or decline therequest, and details of the terms of use 1005. However, the format ofthe consent request screen 1000 is not limited to that of FIG. 10 . Theuser accepts or declines the terms of use of the new service based onthe information displayed on the consent request screen 1000, andtransmits the information to the data intermediary device 100.

In Step S110, the consent acquisition unit 1502 acquires informationrepresenting the result of user's decision in Step S109 via thecommunication unit 1100, and records and manages the details such aswhich user has accepted what terms of use of which service, for example.

In Step S111, the data intermediary device 100 issues a request for thedata required for the new service the user wishes to use to the dataproviding device 10N based on the terms of use accepted by the user andrecorded in Step 110. The message requesting the data includes the userID for identifying the user, the data items, and information indicatingthat the user has agreed to provide data.

In Step S112, upon receiving the request from the data intermediarydevice 100, the data providing device 10N confirms that the user'sconsent has been obtained, searches for necessary data using the user IDand the data items, and transmits the data to the data intermediarydevice 100.

In Step S113, the data provision management unit 1200 of the dataintermediary device 100 performs necessary processes on the user'spersonal data required for the new service, which was received in StepS112, such that the data can be provided to the data utilization device20N, and the data distribution control unit 1600 performs a control suchthat the data is provided to the correct data utilization device 20N.

In Step S114, the data intermediary device 100 records the data to beprovided to the data utilization device 20N in Step S115. The datarecorded in this step includes the time stamp, the user id, the serviceID, and the data items.

In Step S115, the data intermediary device 100 transfers the datarecorded in Step S114 to the data utilization device 20N via thecommunication unit 1100. The message transferred to the data utilizationdevice 20N includes the user ID for identifying the user, the service 1for identifying the service, and the data items required for theservice.

In Step S116, the data utilization device 20N provides the servicerequested by the user via the data owner terminal 30N based on the userdata received in Step S115.

According to this embodiment, a service provider trusted by the user(for example, the service provider most trusted by the user) is selectedfrom the service providers being used by the user, and the terms of useof the service provider and the terms of use of the new service providerare compared to identify similarity and difference. This way, it ispossible to obtain additional information to inform the user's decisionto either accept or decline the terms of use, which helps the user tomake a quicker decision and therefore reduces the burden in the consentprocedure, if two or more service providers with a high credibilitylevel are identified upon performing the comparison, a configuration maybe adopted where the terms of use of each provider is compared with theterms of use of the new service, and the user is notified of adifference in each case.

Embodiment 2

Next, Embodiment 2 of the present invention will be explained. InEmbodiment 2, processes are performed based on items and criteria thatare specified by the user in advance in the comparison target extraction(Step S106), the difference of terms extraction (Step S107), and thenotification of terms (Step S108). Except those differences, which areexplained below, the respective units of the system of Embodiment 2 havethe same functions as the respective units of Embodiment 1 given thesame reference characters illustrated in FIGS. 1 to 10 , and thus, theexplanations thereof are omitted.

The process of Step S103 in Embodiment 2 will be explained below withreference to FIG. 11 .

<FIG. 11: Process to Extract a Provider as Comparison Target>

FIG. 11 is a flowchart illustrating an example of the process to extracta provider as a comparison target, which is performed by the dataintermediary device 100 of Embodiment 2 of the present invention.

In Step S401, the service usage management unit 1401 acquiresinformation regarding the comparison target specified by the user inadvance. Information specified in advance by the user including thecomparison information is managed by a user specification table storedin the storage unit 2000.

FIG. 13 is a diagram for explaining an example of the user specificationtable stored in the data intermediary device 100 of Embodiment 2 thepresent invention.

As illustrated in FIG. 13 , the user specification table 1310 includes auser ID 1311, comparison target information 1312, comparison iteminformation 1313, and consent request skipping information 1314. Each ofthose will be described later in detail. However, the configuration ofthe user specification table 1310 is not limited to that of FIG. 13 .

In Step S401, the service usage management unit 1401 refers to thecomparison target information 1312. The comparison target information1312 includes a comparison provider ID 1312A and comparison targetcriteria 1312B. The comparison provider ID 1312A is identificationinformation of the provider that is always extracted as the comparisontarget upon performing comparison. The comparison target criteria 1312Bis criteria that is always used when the comparison target is extracted.The service usage management unit 1401 acquires the comparison providerID 1312A and the comparison target criteria 1312B from the userspecification table 1310.

In Step S402, the service usage management unit 1401 refers to theinformation acquired in Step S401, and confirms whether there is a valuein the comparison provider ID 1312A. If there is a value in thecomparison provider ID 1312A, the process moves to Step S405. If thereis no value in the comparison provider ID 1312A, the process moves toStep S403.

In Step S403, the service usage management unit 1401 refers to theinformation acquired in Step S401, and acquires the comparison targetcriteria 1312B.

In Step S404, the service usage management unit 1401 extracts serviceproviders that meet the criteria from the service usage table 600 asillustrated in FIG. 6 , based on the criteria acquired in Step S403. Forexample, if the criteria of “the longest duration of use” is acquired asthe comparison target criteria 1312B, the service usage management unit1401 extracts a service provider that has been used by the user for thelongest period of time from the service usage table 600.

In Step S405, the service usage management unit 1401 registers thecomparison provider ID 1312A specified by the user, or the providerextracted in Step S404 as the comparison provider.

Next, the process of Step S107 in Embodiment 2 will be explained belowwith reference to FIG. 12 .

<FIG. 12: Process to Extract Difference of Terms>

FIG. 12 is a flowchart illustrating an example of the process in whichthe data intermediary device 100 of Embodiment 2 of the presentinvention calculates a difference between the respective terms of use.

In Step S501, the difference of terms extraction unit 1402 acquiresinformation regarding comparison items specified by the user in advance.Here, the difference of terms extraction unit 1402 acquires thecomparison item information 1313 in the user specification table 1310illustrated in FIG. 13 . The comparison item information 1313 includestype comparison 1313A and item comparison 1313B.

The type comparison 1313A compares the terms of use of the new servicethe user wishes to use against predetermined types, and determines whichtype the terms of use of the new service the user wishes to use iscategorized to. Examples of the types include an anonymization typewhere anonymization is mentioned in the terms of use, and a nothird-party provision type where the terms of use specify that data willnot be provided to a third party. As such, the type is informationindicating the content or characteristics of terms of use, orinformation that allows the user to uniquely identify the formatthereof. Thus, other types than those illustrated in FIG. 13 may beused.

The item comparison 13138 is information specifying items that the userthinks important. The process to extract difference in the respectiveterms is performed only on the items specified by the user. Thedifference of terms extraction unit 1402 acquires the type comparisoninformation 1313A and the item comparison information 1313B.

In Step S502, the difference of terms extraction unit 1402 confirmswhether the type comparison is specified or not in the type comparisoninformation 1313A acquired in Step S501. If there is a value in the typecomparison information 1313A, this means that the type comparison isspecified, and thus, the process moves to Step S503. If there is novalue in the type comparison information 1313A, this means that the typecomparison is not specified, and thus, the process moves to Step S505.

In Step S503, the difference of terms extraction unit 1402 acquirescriteria of the type comparison acquired in Step S501. For example, ifthe user has specified the anonymization type, anonymization is acquiredas the criteria.

In Step S504, the difference of terms extraction unit 1402 comparesrespective terms of use by the type based on the comparison criteriaacquired in Step S503, and identifies the type of the terms of use ofthe new service the user wishes to use. If the type comparison isspecified, comparison by type takes priority When the comparison by typeis completed, the process to extract difference between the respectiveterms of use is ended. One example of the screen displayed to the userin Step S109 of FIG. 3 in this situation will be explained withreference to FIG. 14A.

FIG. 14A is a diagram for explaining one example of the screen displayedto the user after type comparison was performed in Embodiment 2 of thepresent invention.

As illustrated in FIG. 14A, the notification screen 1410 includes thename of the service 1411, a result 1412 of type comparison performed onthe terms of use, buttons 1413 and 1414 for the user to accept ordecline the request, and details of the terms of use 1415. However, thenotification screen is not limited to that of FIG. 14A.

In Step S502, the difference of terms extraction unit 1402 confirmswhether comparison items are entered or not in the item comparisoninformation 1313B acquired in Step S501. If there is a value in the itemcomparison information 1313B, this means that comparison items arespecified, and thus, the process moves to Step S506. If there no valuein the item comparison information 1313B, this means that comparisonitems are not specified, and thus, the process moves to Step S508.

In Step S506, the difference of terms extraction unit 1402 acquires alist of comparison items acquired in Step S501.

In Step S507, the difference of terms extraction unit 1402 extracts adifference between the respective terms of use only in those comparisonitems based on the list of comparison items acquired in Step S506. Whena difference of terms has been extracted, the process to extract adifference between the respective terms of use is ended.

In Step S508, the difference of terms extraction unit 1402 extracts adifference between the respective terms of use on all items in a mannersimilar to Embodiment 1. When a difference of terms has been extracted,the process to extract a difference between the respective terms of useis ended.

Next, Step S108 in Embodiment 2 will be explained below.

In Step S108, the consent notification generation unit 1501 skips aconsent request based on the criteria specified by the user. Asillustrated in FIG. 13 , the user specification table 1310 includesconsent request skipping information 1314. The consent request skippinginformation 1314 includes criteria 1314A for accepting terms andcriteria 1314B for declining terms. Those criteria are specified by theuser. If the criteria 1314A for accepting terms is met, the process torequest a user's consent is skipped, and user's intention of acceptingthe terms is always communicated. If the criteria 1314B for decliningterms is met, the process to request a user's consent is skipped, anduser's intention of declining the terms is always communicated.

The consent notification generation unit 1501 acquires the criteria1314A for accepting terms and the criteria 1314B for declining termsfrom the user specification table 1310, and confirms whether one of thecriteria 1314A for accepting terms and the criteria 1314B for decliningterms is met based on the information indicating a difference betweenthe terms of use, which was extracted in Step S107. If neither criteriais met, processes similar to those of Embodiment 1 are performed. If thecriteria 1314A for accepting terms or the criteria 1314B for decliningterms is met, the result of either accepting or declining the terms andthe reason thereof are presented to the user instead of asking for theirconsent. One example of a screen displayed to the user in Step S109 ofFIG. 3 in this situation will be explained with reference to FIG. 14B.

FIG. 14B is a diagram for explaining one example of the screen displayedto the user when a consent request for the user is skipped in Embodiment2 of the present invention.

As illustrated in FIG. 146 , the notification screen 1420 includes thename of the service 1421, a determination result 1422, a determinationreason 1423, a cancel button 1424, and details of the terms of use 1425.However, the notification screen is not limited to that of FIG. 148 .

For example, in the example of USER2 in FIG. 13 , terms of use of theservice with the largest number of users are extracted as the comparisontarget, and the item for the data used in the terms of use is comparedwith the item for the data used in the terms of use of the new servicethe use wishes to use. As a result, if “the difference being 10% orless”, which is the criteria for accepting terms, is met, “Accept” isdisplayed for the determination result 1422, and “difference being 10%or less” is displayed for the reason 1423. If the user interacts withthe cancel button 1424, this acceptance is canceled. The notificationscreen 1420 may also include a “confirm” button (not shown in thefigure) so that the acceptance is confirmed when the user interacts withthis confirm button.

As described above, according to Embodiment 2 of the present invention,each user may appropriately specify a provider as the comparison targetfor the terms of use of the provider of the new service they wish to use(Comparison provider ID 1312A). Alternatively, the user mayappropriately specify criteria for selecting a provider for thecomparison target. Furthermore, it is possible to appropriately selectone or more data items to be compared from data items in the terms ofuse as illustrated in FIG. 8 , for example.

Each user may also specify criteria for accepting data provision basedon terms of use, or criteria for declining data provision based on termsof use. For example, it is possible to specify criteria that “adifference between the terms of use of the provider of the new serviceand the terms of use of the comparison target provider does not exceed aprescribed threshold (10% or less, for example)”. Alternatively, it ispossible to specify criteria to be met by the terms of use of a providerof the new service the use wishes to use. For the latter, a value of anyone of the data used, data acquisition method, purpose of use, dataprocessing, third-party provision, storage period, user's involvementand the like shown in FIG. 8 may be specified for the criteria. Examplesthereof includes accepting the terms if data anonymization is performed,and declining the terms if data is provided to a third party. Then, ifthe terms of use of the new service provider the user wishes to use meetthe criteria, data provision may be accepted or declined regardless ofthe comparison result with the comparison target.

This way, the user can freely specify criteria regarding the consentprocedure, and it is possible to extract a provider or an item to becompared based on the criteria specified by the user. As a result, it ispossible to adjust the comparison process in accordance with the user'spreferences, such as performing data comparison for items that areimportant to the user, and skipping data comparison for items that arenot important to the user. Also, the consent procedure can be skippedbased on the criteria for accepting terms or the criteria for decliningterms specified by the user, which can ease the burden on the user inthe consent procedure.

A system according to an embodiment of the present invention may beconfigured as follows.

(1) A data intermediary system, including a processor (the CPU 3000, forexample) and a storage unit (at least one of the memory 4000 and thestorage unit 2000, for example), wherein the storage unit stores thereinusage information (the service usage table 600, for example) indicatingusage of a plurality of services that a user has used in the past;wherein the processor acquires information indicating data items that aprovider of a first service that the user wishes to use requires theuser to provide, based on terms of use of the first service (Step S103,for example), selects a second service from a plurality of services thatthe user has used in the past, based on the usage information (StepS106, for example), extracts a difference between the data items thatneeds to be provided based on the terms of use of the first service anddata items provided based on terms of use of the second service (StepS107, for example), outputs information indicating the extracteddifference (Step S108, for example), and controls, upon receivinginformation indicating that the user has accepted the terms of use ofthe first service, a flow of data from a provider holding the data thatneeds to be provided based on the terms of use of the first service tothe provider that provides the first service, (Steps S111 to S115, forexample).

This makes it possible to ease the burden of the user in the process ofgiving consent to data provision required to use a service.

(2) In (1) described above, the usage information includes at least oneof a service name, a provider name, a service category, a frequency ofuse, a duration of use, terms of use, and a credibility level of theprovider for a plurality of services that the user has used in the past,and the processor selects, as the second service, a service with agreater frequency of use, a service with a longer duration of use, or aservice provided by a provider having a higher credibility level, amongthe plurality of services that the user has used in the past.

This makes it possible to extract data required to use the service, afrequency of use of the service, and the like from the service usage,and to extract an appropriate service as a comparison target. Also, bycomparing the terms of use of the extracted service provider with theterms of use of the new service the user wishes to use, and identifyinga difference between the respective terms, it is possible to reduce anamount of information to be checked to determine whether the terms ofuse should be accepted or not.

(3) In (2) described above, the storage unit stores therein importanceinformation (the data importance table 700, for example) indicating adegree of importance of each data item provided based on terms of use ofa plurality of services that the use has used in the past, and theprocessor calculates the sum of degrees of importance of data itemsprovided based on the terms of use for each of the plurality of servicesthat the use has used in the past, and calculates the credibility levelsuch that the credibility level becomes higher as the sum of degrees ofimportance is greater.

This makes it possible to extract an appropriate service as a comparisontarget.

(4) In (3) described above, the importance is an indicator of amagnitude of a risk when data is abused.

This makes it possible to extract an appropriate service as a comparisontarget.

(5) In (3) described above, the processor calculates the credibilitylevel such that the credibility level becomes higher as the frequency ofuse is greater, as the duration of use is longer, and as the importanceis greater (calculated by Formula (1), for example), and selects, as thesecond service, a service provided by a provider having a highcredibility level.

This makes it possible to extract an appropriate service as a comparisontarget.

(6) In (2) described above, the storage unit stores therein information(the item comparison 1313B, for example) specifying data items to becompared, and the processor extracts, for the data items to be compared,a difference between data items that need to be provided based on theterms of use of the first service and data items provided based on termsof use of the second service.

This way, it is possible to extract an item to be compared based on thecriteria specified by the user.

(7) In (2) described above, the storage unit stores therein at least oneof a first criteria (the criteria 1314A for accepting terms, forexample) to be met for the user to accept the terms of use of the firstservice, and a second criteria (the criteria 1314B for declining terms,for example) to be met for the user to decline the terms of use of thefirst service, and if the difference meets the first criteria, theprocessor determines that the user accepts the terms of use of the firstservice, and if the difference meets the second criteria, the processordetermines that the user declines the terms of use of the first service.

This way, it is possible to appropriately make the comparison inaccordance with the user's preferences. Also, the consent procedure canbe skipped based on the criteria, which can ease the burden on the userin the consent procedure.

(8) In (2) described above, the storage unit stores therein at least oneof a third criteria (the criteria 1314A for accepting terms, forexample) to be met by the terms of use of the first service for the userto accept the terms of use of the first service, and a fourth criteria(the criteria 1314B for declining terms, for example) to be met by theterms of use of the first service for the user to decline the terms ofuse of the first service, and if the difference meets the thirdcriteria, the processor determines that the user accepts the terms ofuse of the first service, and if the difference meets the fourthcriteria, the processor determines that the user declines the terms ofuse of the first service.

This way, the consent procedure can be skipped based on the criteria,which can ease the burden on the user in the consent procedure.

(9) In (8) described above, the third criteria and the fourth criteriaare criteria related to any one of a data item that needs to be providedbased on the terms of use of the first service, a method to acquire thedata, a purpose of use of the data, whether the data is to be anonymizedor not, whether the data is to be provided to a third party or not, astorage period of the data, and involvement of the user in handling ofthe data.

This way, the consent procedure can be skipped based on the criteria,which can ease the burden on the user in the consent procedure.

The present invention is not limited to the embodiments described above,and may include various modification examples. The embodiments describedabove, for example, were explained in detail such that the presentinvention is understood more clearly and they shall not necessarily beinterpreted to include all of the configurations described above. Also,it is possible to replace part of the configuration of one embodimentwith a configuration of another embodiment, and it is also possible toadd a configuration of one embodiment to a configuration of anotherembodiment. Furthermore, another configuration may be added to a part ofthe configuration of each embodiment, and a part of the configuration ofeach embodiment may be deleted or replaced.

Part or all of the respective configurations, functions, processingunits, processors, and the like described above may be realized byhardware such as designing with an integrated circuit, for example. Therespective configurations, functions, and the like described above maybe realized by software with a processor interpreting and executingprograms that realize the respective functions. Information such asprograms, tables, and files for realizing the respective functions canbe stored in a storage device such as a non-volatile semiconductormemory, a hard disk drive, a solid-state drive (SSD), or a computerreadable non-temporary data storage medium such as an IC card, SD card,or DVD.

The control lines and information lines needed for explanation wereillustrated above, but it does not mean that all of the control linesand information lines in a product were illustrated. In actuality,almost all of the configurations are mutually connected.

What is claimed is:
 1. A data intermediary system, comprising: aprocessor; and a storage unit, wherein the storage unit stores thereinusage information indicating usage of a plurality of services that auser has used in the past; wherein the processor acquires informationindicating a data item that needs to be provided by a user as requiredby a provider of a first service that the user wishes to use, based onterms of use of the first service, selects a second service from aplurality of services that the user has used in the past, based on theusage information, extracts a difference between the data items thatneeds to be provided based on the terms of use of the first service anddata items provided based on terms of use of the second service, outputsinformation indicating the extracted difference, and controls, uponreceiving information indicating that the user has accepted the terms ofuse of the first service, a flow of data from a provider holding thedata that needs to be provided based on the terms of use of the firstservice to the provider that provides the first service.
 2. The dataintermediary system according to claim 1, wherein the usage informationincludes at least one of a service name, a provider name, a servicecategory, a frequency of use, a duration of use, terms of use, and acredibility level of the provider for a plurality of services that theuser has used in the past, and wherein the processor selects, as thesecond service, a service with a greater frequency of use, a servicewith a longer duration of use, or a service provided by a providerhaving a higher credibility level, among the plurality of services thatthe user has used in the past.
 3. The data intermediary system accordingto claim 2, wherein the storage unit stores therein importanceinformation indicating a degree of importance of each data item providedbased on terms of use of a plurality of services that the use has usedin the past, and wherein the processor calculates a sum of degrees ofimportance of data items provided based on the terms of use for each ofthe plurality of services that the use has used in the past, andcalculates the credibility level such that the credibility level becomeshigher as the sum of the degrees of importance is greater.
 4. The dataintermediary system according to claim 3, wherein the importance is anindicator of a magnitude of a risk if data was abused.
 5. The dataintermediary system according to claim 3, wherein the processorcalculates the credibility level such that the credibility level becomeshigher as the frequency of use is greater, as the duration of use islonger, and as the degree of importance is greater, and selects, as thesecond service, a service provided by a provider having a highcredibility level.
 6. The data intermediary system according to claim 2,wherein the storage unit stores therein information specifying a dataitem to be compared, and wherein the processor extracts, for the dataitem to be compared, a difference between data items that need to beprovided based on the terms of use of the first service and data itemsprovided based on terms of use of the second service.
 7. The dataintermediary system according to claim 2, wherein the storage unitstores therein at least one of a first criteria to be met for the userto accept the terms of use of the first service, and a second criteriato be met for the user to decline the terms of use of the first service,and wherein, if the difference meets the first criteria, the processordetermines that the user accepts the terms of use of the first service,and if the difference meets the second criteria, the processordetermines that the user declines the terms of use of the first service.8. The data intermediary system according to claim 2, wherein thestorage unit stores therein at least one of a third criteria to be metby the terms of use of the first service for the user to accept theterms of use of the first service, and a fourth criteria to be met bythe terms of use of the first service for the user to decline the termsof use of the first service, and wherein, if the terms of use of thefirst service meet the third criteria, the processor determines that theuser accepts the terms of use of the first service regardless of thedifference, and if the terms of use of the first service meet the fourthcriteria, the processor determines that the user declines the terms ofuse of the first service regardless of the difference.
 9. The dataintermediary system according to claim 8, wherein the third criteria andthe fourth criteria are criteria related to any one of a data item thatneeds to be provided based on the terms of use of the first service, amethod to acquire the data, a purpose of use of the data, whether thedata is to be anonymized or not, whether the data is to be provided to athird party or not, a storage period of the data, and involvement of theuser in handling of the data.
 10. A data intermediary method performedby a data intermediary system including a processor and a storage unit,the storage unit storing therein usage information indicating usage of aplurality of services that a user has used in the past, the dataintermediary method comprising: a step in which the processor acquiresinformation indicating a data item that needs to be provided by a useras required by a provider of a first service that the user wishes touse, based on terms of use of the first service; a step in which theprocessor selects a second service from a plurality of services that theuser has used in the past, based on of the usage information; a step inwhich the processor extracts a difference between the data item thatneeds to be provided based on the terms of use of the first service anda data item that has been provided based on terms of use of the secondservice; a step in which the processor outputs information indicatingthe extracted difference; and a step in which, upon receivinginformation indicating that the user has accepted the terms of use ofthe first service, the processor controls a flow of data from a providerholding the data that needs to be provided based on the terms of use ofthe first service to the provider that provides the first service.